2. ECC Diffie-Hellman
• can do key exchange analogous to D-H
• users select a suitable curve Eq(a,b)
• select base point G=(x1,y1)
  ◦ with large order n s.t. nG=O
• A & B select private keys nA<n, nB<n
• compute public keys: PA=nA·G, PB=nB·G
• compute shared key: K=nA·PB, K=nB·PA
  ◦ same since K=nA·nB·G
• attacker would need to find k given G and kG (the elliptic curve discrete logarithm problem), which is hard
3. ECC Encryption/Decryption
• several alternatives, will consider simplest
• must first encode any message M as a point Pm on the elliptic curve
• select suitable curve & point G as in D-H
• each user chooses private key nA<n
• and computes public key PA=nA·G
• to encrypt Pm: Cm={kG, Pm+k·PB}, k random
• to decrypt Cm compute:
  Pm + k·PB - nB(kG) = Pm + k(nB·G) - nB(kG) = Pm
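Added example (not part of the original slides): the key exchange of section 2 and the encryption/decryption of section 3 carried through on a toy curve. The parameters p=211, a=0, b=-4, G=(2,2), the helper names, and the use of a multiple of G as the message point Pm are assumptions made for illustration; the slides do not specify a curve or a message encoding.

```python
# Toy parameters (assumed for illustration, far too small for real use).
# Curve E_p(a,b): y^2 = x^3 + a*x + b (mod p); None stands for the point O.
p, a, b = 211, 0, -4
G = (2, 2)                                   # base point

def add(P, Q):
    """Add two curve points in affine coordinates."""
    if P is None: return Q
    if Q is None: return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                          # P + (-P) = O
    if P == Q:                               # tangent slope (doubling)
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:                                    # chord slope
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, P):
    """Scalar multiplication kP by double-and-add."""
    R = None
    while k:
        if k & 1: R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def neg(P):
    """Inverse point -P."""
    return None if P is None else (P[0], -P[1] % p)

def order(P):
    """Smallest n with nP = O (brute force; only viable on a toy curve)."""
    n, Q = 1, P
    while Q is not None:
        Q, n = add(Q, P), n + 1
    return n

def dh_shared(n_priv, P_other):
    """Section 2: K = nA*PB = nB*PA."""
    return mul(n_priv, P_other)

def encrypt(Pm, PB, k):
    """Section 3: Cm = {kG, Pm + k*PB}; k must be fresh and random per message."""
    return (mul(k, G), add(Pm, mul(k, PB)))

def decrypt(Cm, nB):
    """Section 3: Pm + k*PB - nB*(kG) = Pm."""
    C1, C2 = Cm
    return add(C2, neg(mul(nB, C1)))
```

In real use k comes from a cryptographic random source and is never reused: two ciphertexts under the same k and PB share the mask k·PB, so their difference reveals Pm1 - Pm2.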
4. ECC Security
• can use much smaller key sizes than with RSA etc
• for equivalent key lengths computations are roughly equivalent
• ECC offers significant computational advantages
5. Comparable Key Sizes for Equivalent Security

Symmetric scheme      ECC-based scheme       RSA/DSA
(key size in bits)    (size of n in bits)    (modulus size in bits)
56                    112                    512
80                    160                    1024
112                   224                    2048
128                   256                    3072
192                   384                    7680
256                   512                    15360